Skip to content Skip to navigation

Friday Cyber News, August 5 2016

Cyber technology-related news and links from around the web, for the week of 7/30 - 8/5:

1. Black Hat and DEFCON are in Las Vegas this week; check out this guide to not getting hacked, and then forget that advice and don't bring anything internet-connected to the conferences. Here's a guide to interesting talks at Black Hat and a reminder that your hotel key might get hacked at DEFCON. [Black Hat; Defcon; Motherboard; CSO Online; eSecurityPlanet]

2. Security researchers Mudge and Mrs. Mudge (Sarah) are testing and scoring the security of software, following a proposal by Dan Geer that an independent "underwriter's laboratory"-type organization should determine what products are more or less secure. [The Intercept]

3. Following the DNC hacks and fear of Russian meddling (Russia: we're being hacked too), the DHS is considering adding the US election system to its list of critical infrastructure, which would mean additional cybersecurity scrutiny and protection. The "election system" includes electronic voting machines, vote tallying systems, and systems used to communicate and report election results. [BBC; Federal News Radio]

4. Another Bitcoin exchange was hacked, this time Bitfinex, and 119,756 bitcoins were stolen. Prior to the theft, US regulators had found that Bitfinex was in violation of financial regulations for its "off-chain" operations, including allowing the leveraged trade of bitcoins that did not actually change ownership. These broker-dealer operations are occurring at more exchanges than just Bitfinex, calling into question the value of letting an exchange serve as the type of trusted intermediary the blockchain system should eliminate. [Quartz; Financial Times]

5. Alex Stamos, Facebook CISO, wants security researchers to focus on the fact that "traditional security does not always consider the problems of people who use technology in unexpected ways or with imperfect security practices." Rather than multi-step creative hacks, or tracking users via their battery status, most security vulnerabilities come from individuals sharing or forgetting passwords. Foreign governments are also behind many hacks that activists encounter, from Iran-led mobile device hijacking to UAE-based malware spread over Twitter. [Facebook; Martin Vigo; NextWeb; Washington Post]

6. Algorithmic auditing, holding automatic processes accountable for potentially discriminatory results, has had a hard time capturing the American imagination. The EU has rules taking effect in 2018 that will allow citizens to explore and contest how automatic decisions were made. [NY Times]

7. Profile of Moxie Marlinspike, the Johnny Appleseed of encryption and one of the founders of Signal. [Wired]

8. You can use the internet on Everest--here's an explanation of how, and what it's doing to the experience of climbing the mountain. You can also use the internet in New York--and can't really get away from it there, making the city an augmented urban reality that Frank Rose explains is spurring the development of "smart cities" worldwide. [Motherboard; New Yorker]

9. At Stanford, even as undergrads flee the humanities we're still finding students in the parking lot: teaching ethics to autonomous vehicles. [Stanford News]

10. Current state of disappointment with: chatbots, artificial intelligence, EMV chips on cards in the US, the ByLock messaging app used in the Turkish attempted coup, and HTTPS pages. [VentureBeat; New Yorker; Quartz; Reuters; Ars Technica]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)